Incredible: While the Muller report was being released, Facebook updates an old press post titled “Keeping Passwords Secure” with the new disclosure that millions of Instagram account passwords were internally stored in readable plaintext.
I love it that Facebook's blog post announcing that it accidentally stored hundreds of millions of users' passwords in plain text is headlined "Keeping Passwords Secure"
Remember how FB stored tens of millions of user passwords unencrypted on their servers? They just updated the blog to say that "millions of Instagram users" also had their passwords stored unencrypted. They originally said "tens of thousands of IG users"
Facebook’s “newsroom”, which is not a newsroom, publishes a piece titled “Keeping Passwords Secure” about how it failed to keep passwords secure
If you are on Instagram and haven't already changed your password, it is time. Facebook has updated its prior statement to say that "millions" of Instagram users were affected by the security incident, not "tens of thousands". ➤ #facebook
everyone: how many users' passwords were being stored in simple text? Facebook: some. everyone: how many is some? Facebook: hundreds of millions.
Facebook has been storing "hundreds of millions" of passwords in plain text this whole time. How does that even happen? Thankfully the shadow profile they have for me does not have a password :-P
im a huge fan of FB blog post titles when they have bad news to share
between 200 to 600 million facebook users may have had their account passwords stored in plain text and searchable by more than 20,000 facebook employees BUT DONT WORRY they definitely would never abuse your private data
So kept passwords in plain text format since ❗️❗️2012 ❗️❗️() . But hey ... it's okay! We can trust them. They promise they did nothing shady with them. 😒
A key argument for PAKE is that people with the best intentions constantly screw up and store unhashed passwords on their systems. One solution is to keep passwords off those systems.
Facebook says “these passwords were never visible to anyone outside of Facebook and we have found no evidence to date that anyone internally abused or improperly accessed them.” They will notify hundreds of millions of affected users
This is a bunch of excuses "Keeping Passwords Secure | Facebook Newsroom"
Report: Facebook Stored Hundreds of Millions of User Passwords in Plain Text for Years (KoS) & Update: Statement from Facebook
"We estimate that we will notify hundreds of millions of Facebook Lite users, tens of millions of other Facebook users, and tens of thousands of Instagram users"
What an embarrassment for Facebook. Salted and hashed passwords have been the norm for a very long time now.